譯科技 | 比特幣遭受重創(chuàng)：2019年最嚴(yán)重的密碼災(zāi)難

來(lái)源：Zdnet 時(shí)間：2019-12-09 14:42:24 作者：Charlie Osborne

Bitcoin battered： The worst crypto catastrophes of 2019

數(shù)據(jù)觀丨（譯）

　　Millions in cryptocurrency stolen， exit scams， and countless arrests were made in connection to crypto criminal schemes this year.

　　今年發(fā)生了數(shù)百萬(wàn)起加密貨幣被盜事件，“退出騙局”及無(wú)數(shù)與密碼犯罪相關(guān)的逮捕事件也在上演。

　　The cryptocurrency market is booming， and with it， criminals are looking to cash in.

　　加密貨幣市場(chǎng)蓬勃發(fā)展的同時(shí)，不法分子們也企圖借此牟利。

　　Bitcoin （BTC） may not have sustained the $19，000+ price tag of previous years， now coming in at roughly $7，200 at the time of writing， but there is also a variety of other stable coins and altcoins， including Ethereum （ETH）， Ripple （XRP）， Monero （XMR）， Bitcoin Cash （BCH）， and Litecoin （LTC）， that maintain a loyal following and constant trade.

　　比特幣（BTC）可能已經(jīng)無(wú)法續(xù)寫前幾年1.9萬(wàn)美元以上市值的輝煌了，筆者在撰寫本報(bào)告時(shí)，比特幣目前的市值約為7200美元，但市場(chǎng)上除了比特幣外還存在其他各種穩(wěn)定的虛擬貨幣和阿爾特幣，其中，包括 Ethereum （ETH）， Ripple（XRP） ， Monero （XMR）， Bitcoin Cash（BCH）， and Litecoin（LTC）等，這些幣始終有忠實(shí)的追隨者，關(guān)于這些幣的交易也在不斷進(jìn)行。

　　The industry has gained enough traction in recent years that regulators are beginning to shift towards the viewpoint that virtual coins should be considered taxable assets， with the IRS now hunting down cryptocurrency traders that do not declare their investments. The UK's Financial Conduct Authority （FCA） also clarified its stance （.PDF） this year on what coins can be considered securities or e-money -- some of which now land under the FCA's remit.

　　近年來(lái)，虛擬貨幣行業(yè)一直被人們所關(guān)注，以至于監(jiān)管機(jī)構(gòu)開(kāi)始轉(zhuǎn)向虛擬貨幣應(yīng)被視為應(yīng)納稅資產(chǎn)的觀點(diǎn)。美國(guó)國(guó)稅局（IRS）目前美國(guó)國(guó)稅局（IRS）目前正在追捕未申報(bào)其投資的加密貨幣交易員。英國(guó)金融市場(chǎng)行為監(jiān)管局（FCA）今年也就哪些幣可以被視為證券或電子貨幣闡明了其立場(chǎng)。

　　Russia， too， known for its hostile approach to cryptocurrency， has begun to accept that cryptocurrency may have a legal position in the economy.

　　對(duì)加密貨幣持?jǐn)硨?duì)態(tài)度的俄羅斯，也開(kāi)始接受加密貨幣在金融市場(chǎng)中可以具有合法地位的事實(shí)。

　　With any form of asset that has financial worth， criminals will look for ways to fraudulently profit and cryptocurrency is no exception. The industry is rather unregulated， with laws potentially applied locally， but with exchanges registered worldwide， investment in cryptocurrency can be a risk.

　　對(duì)于任何形式、具有金融價(jià)值的資產(chǎn)，犯罪分子都會(huì)想方設(shè)法從中騙取利潤(rùn)，加密貨幣也不例外。該行業(yè)的受監(jiān)管程度相當(dāng)不均衡，法律也許能在當(dāng)?shù)剡m用，但隨著加密貨幣交易所在全球范圍內(nèi)大量注冊(cè)，對(duì)密碼貨幣進(jìn)行投資的風(fēng)險(xiǎn)也越來(lái)越高。

　　Exchanges are a common target. A weakness in a website， a vulnerability leading to exposure of a hot wallet -- storage systems used to hold virtual coins that are Internet-connected -- insider threats， and exit scams can all result in traders losing their cryptocurrency. Wallets， too， can be ransacked when vulnerabilities are found， and the blockchain itself， the backbone technology of cryptocurrency exchanges， may be subject to attacks . Unless cryptocurrency is stashed in a cold， hardware-based wallet that is not connected to the web， there may be a risk of cyberattack.

　　加密貨幣交易所是犯罪分子的一個(gè)共同目標(biāo)。網(wǎng)站本身的不足、導(dǎo)致熱錢包（用于存放聯(lián)網(wǎng)虛擬貨幣的存儲(chǔ)系統(tǒng)）暴露的系統(tǒng)漏洞、內(nèi)部威脅以及退出騙局都可能導(dǎo)致交易商失去他們的加密貨幣。一旦發(fā)現(xiàn)漏洞，錢包可能被洗劫一空，區(qū)塊鏈（加密貨幣交換的主干技術(shù)）本身也可能遭受攻擊，除非加密貨幣隱藏在一個(gè)基于硬件的且沒(méi)有連接到網(wǎng)絡(luò)的冷錢包中，否則就會(huì)存在被網(wǎng)絡(luò)攻擊的風(fēng)險(xiǎn)。

　　Below， we take a look at some of the most noteworthy cases of hacking， criminal investigations， exit scams， and cryptocurrency-related breaches over 2019.

　　下面，我們來(lái)看看2019年最值得關(guān)注的與加密貨幣相關(guān)的黑客、刑事調(diào)查、退出騙局以及數(shù)據(jù)泄露事件。

　　JANUARY：

　　Cryptopia： New Zealand's Cryptopia cryptocurrency exchange was pulled offline due to some form of hack， but details are scant. Trading was suspended and the firm went into liquidation.Estimates suggest that up to $16 million may have been lost.

　　Proof of Stake： Security issues were found in 26 forms of cryptocurrency opening up users to "Fake Stake" attacks， crashing blockchains and giving attackers the opportunity to seize control of them.

　　LocalBitcoins： An attack taking place on the peer-to-peer cryptocurrency market platform led to the theft of Bitcoin belonging to customers.

　　Bitgrail sentence： The previous owner of hacked exchange Bitgrail -- which lost $195 million in Nano coins -- was commanded by an Italian court to return as much in customer funds as possible， leading to the seizure of assets.

　　IOTA arrest： Europol arrested a man from the United Kingdom on suspicion of stealing €10 million in IOTA cryptocurrency.

　　1月：

　　新西蘭加密貨幣交易所Cryptopia遭黑客攻擊：由于某種形式的黑客攻擊，新西蘭加密貨幣交易所被迫下線，但細(xì)節(jié)尚不清楚。當(dāng)時(shí)，該公司暫停交易，進(jìn)行清算，估計(jì)有價(jià)值1 600萬(wàn)美元的資產(chǎn)損失。

　　權(quán)益證明（Proof of Stake）加密貨幣出現(xiàn)安全問(wèn)題：在26個(gè)基于權(quán)益證明的加密貨幣中發(fā)現(xiàn)了安全問(wèn)題。用戶有可能受到“假權(quán)益”攻擊，攻擊者破壞區(qū)塊鏈并伺機(jī)控制它們。

　　比特幣交易平臺(tái)LocalBitcoins遭黑客攻擊：點(diǎn)對(duì)點(diǎn)加密貨幣交易平臺(tái)LocalBitcoins遭受攻擊，導(dǎo)致屬于客戶的比特幣被盜。

　　對(duì)Bitgrai公司的判決：被黑客入侵的Bitgrail交易所的前所有者——由于Bitgrail交易所軟件存在漏洞造成了1.95億美元的NaNo幣被盜——被意大利一家法院命令盡可能多的賠償客戶損失，導(dǎo)致個(gè)人資產(chǎn)被沒(méi)收。

　　盜竊IOTA代幣的黑客被捕：歐洲刑警組織1月逮捕了一名涉嫌盜竊價(jià)值1 000萬(wàn)歐元加密貨幣的罪犯。

　　FEBRUARY：

　　Coinmama： Coinmama was made aware that 450，000 email addresses and hashed passwords of users were up for sale on the Dark Web.

　　2月：

　　比特幣交易所Coinmama遭黑客攻擊：Coinmama交易所在今年2月被爆出有45萬(wàn)個(gè)用戶的電子郵件地址和散列密碼在黑暗網(wǎng)絡(luò)上出售。

　　MARCH：

　　Bithumb： Bithumb reported another security incident， the third in two years. It is believed that cyberattackers may have stolen up to $20 million in EOS tokens and Ripple.

　　DragonEx， CoinBene： The cryptocurrency exchanges were subject to cyberattacks， leading to an estimated loss of $1 million in cryptocurrency by DragonEx， and $45 million by CoinBene.

　　3月：

　　韓國(guó)第二大加密貨幣交易所Bithumb遭黑客攻擊：據(jù)報(bào)道，Bithumb在今年3月被黑客攻擊，攻擊者成功竊取了價(jià)值約為2000萬(wàn)美元的EOS代幣和瑞波幣，這是該公司近兩年來(lái)第三起安全事件。

　　區(qū)塊鏈資產(chǎn)交易平臺(tái)DragonEx以及數(shù)字資產(chǎn)交易平臺(tái)CoinBene遭黑客入侵：這些加密貨幣交易平臺(tái)在今年三月遭受網(wǎng)絡(luò)攻擊，DragonEx估計(jì)損失了價(jià)值100萬(wàn)美元的加密貨幣，而CoinBene損失了4500萬(wàn)美元

　　MAY：

　　Binance： Cyberattackers compromised the Binance cryptocurrency exchange platform and made off with $41 million in Bitcoin.

　　Bestmixer.io： Bestmixer.io was seized by European police. The online service is thought to have laundered over $200 million in cryptocurrency throughout the years.

　　五月：

　　區(qū)塊鏈資產(chǎn)交易平臺(tái)Binance遭黑客入侵：黑客對(duì)Binance加密貨幣交換平臺(tái)進(jìn)行攻擊，偷走了價(jià)值4100萬(wàn)美元的比特幣。

　　歐洲最大的加密貨幣服務(wù)商之一Bestmixer.io被監(jiān)管機(jī)構(gòu)查封：Bestmixer.io網(wǎng)站在今年五月被荷蘭當(dāng)局關(guān)閉。據(jù)了解，該在線服務(wù)多年來(lái)利用加密貨幣交易進(jìn)行洗錢活動(dòng)，總金額超過(guò)2億美元。

　　JUNE：

　　GateHub： Ledger wallets belonging to 18，473 customers were compromised. Suspicious API calls were detected and an investigation concluded the attacker（s） managed to access a database containing valid access tokens. It is still not known exactly just how many coins were stolen， but estimates suggest that at least $10 million was taken.

　　Bitrue： Singaporean exchange Bitrue lost 9.3 million in XRP and 2.5 million in Cardano （ADA） from its hot wallet， worth millions of dollars. A hacker exploited a vulnerability in review process systems to steal customer funds.

　　€24 million Bitcoin heist： Six arrests were made in the UK and the Netherlands by Europol and Eurojust. The suspects are alleged to have operated a scam that netted them €24 million in Bitcoin （BTC）.

　　6月：

　　加密貨幣錢包GateHub資金被盜：今年6月，GateHub共有18473名顧客的錢包被盜。該公司檢測(cè)到了可疑的API調(diào)用，并通過(guò)調(diào)查確定攻擊者設(shè)法訪問(wèn)了包含有效訪問(wèn)令牌的數(shù)據(jù)庫(kù)。該公司表示，雖然不清楚究竟有多少幣被盜，但估計(jì)被盜資產(chǎn)價(jià)值至少有1000萬(wàn)美元。

　　加密貨幣平臺(tái)Bitrue遭黑客攻擊：今年6月末，新加坡交易所Bitrue熱錢包因黑客攻擊損失了930萬(wàn)XRP和250萬(wàn)ADA，損失金額達(dá)數(shù)百萬(wàn)美元。據(jù)報(bào)道，黑客利用了審查程序系統(tǒng)中的漏洞來(lái)竊取客戶資金。

　　價(jià)值2400萬(wàn)歐元的比特幣盜竊案：6月末，歐洲刑警組織和歐洲檢察署在英國(guó)和荷蘭逮捕了6名犯罪嫌疑人，這些嫌疑人被指控操作了一個(gè)騙局，盜竊了價(jià)值2400萬(wàn)歐元的比特幣。

　　JULY：

　　Bitpoint： Japan-based cryptocurrency exchange Bitpoint was subject to $32 million in cryptocurrency theft， $23 million of which belonged to the organization's customers.

　　7月：

　　Bitpoint交易所價(jià)值3200美元加密貨幣被盜：位于日本的加密貨幣交易所Bitpoint在今年7月遭受黑客攻擊，導(dǎo)致價(jià)值3200萬(wàn)美元的加密貨幣被盜，其中2300萬(wàn)美元屬于該交易所的客戶。

　　SEPTEMBER：

　　Ethereum startup extortion： Two cryptocurrency consultants were arrested and charged by the DoJ based on claims the pair attempted to extort an Ethereum startup， threatening to destroy the business unless they were paid what they wanted.

　　EtherDelta charge： A hacker best known for attacking TalkTalk was also indicted for an attack in 2017 on cryptocurrency exchange EtherDelta.

　　9月：

　　以太坊初創(chuàng)公司被敲詐：今年9月，美國(guó)司法部逮捕了兩名加密貨幣顧問(wèn)并指控他們?cè)噲D敲詐勒索一家以太坊初創(chuàng)公司，并威脅說(shuō)，除非他們得到他們想要的報(bào)酬，否則他們會(huì)毀了這家公司。

　　攻擊EtherDelta交易所的黑客被起訴：一名以攻擊TalkTalk而聞名的黑客在今年9月被起訴，起因是該黑客在2017年攻擊了加密貨幣交易所EtherDelta。

　　OCTOBER：

　　MapleChange： Canadian crypto trading post MapleChange said that over 900 BTC had been stolen， but customers would not be refunded -- and very quickly thereafter， the firm's website and social media presence vanished. Foul play is suspected.

　　Satowallet： Satowallet blamed Telegram scammers for the loss of $1 million， stolen from customer wallets. An exit scam is suspected.

　　10月：

　　加拿大數(shù)字貨幣交易所MapleChange聲稱超過(guò)900個(gè)比特幣被盜：加拿大數(shù)字貨幣交易所MapleChange稱有超過(guò)900個(gè)比特幣被盜，但客戶不會(huì)得到賠償。很快，該公司的網(wǎng)站和社交媒體就消失了，據(jù)此，客戶有理由懷疑這是該公司自編自導(dǎo)的一場(chǎng)騙局。

　　尼日利亞加密錢包Satowallet疑似實(shí)施退出騙局：尼日利亞加密錢包Satowallet將100萬(wàn)美元的加密資產(chǎn)損失歸咎于電信詐騙，他們說(shuō)是電信詐騙者從顧客錢包里偷了錢。但是這起事件被懷疑是退出騙局。

　　NOVEMBER：

　　Upbit： South Korean cryptocurrency exchange Upbit said that 342，000 in Ethereum （ETH） had been stolen from the firm's hot wallet， worth roughly $48.5 million. The exchange has promised that customers will not be impacted and the funds will be covered by Upbit assets.

　　Monero： The official Monero website was compromised to deliver a malicious Official Linux CLI binary， tampered to steal funds from unwitting users.

　　North Korea talks： Ethereum project member and cryptocurrency expert Virgil Griffith was arrested after giving a talk at a technology conference in North Korea about how the blockchain could be used to circumvent sanctions. If found guilty of breaking US law， he may face up to 20 years behind bars.

　　Crypto theft， SIM-swapping： The DoJ charged two men for allegedly conducting SIM-swapping attacks in order to steal cryptocurrency from high-value targets. Over $550，000 in cryptocurrency from known victims was allegedly stolen after phone numbers were hijacked to gain access to victim wallets.

　　PlusToken： PlusToken allegedly performed an exit scam， walking away with $2.9 billion in deposits. Some individuals suspected of being involved have been arrested.

　　11月：

　　韓國(guó)加密貨幣交易所Upbit被黑客攻擊：韓國(guó)加密貨幣交易所Upbit在11月份發(fā)出聲明稱，342000個(gè)ETH從該公司的熱錢包中被盜，價(jià)值約4，850萬(wàn)美元。該交易所已承諾，客戶將不會(huì)受到影響，資金將由Upbit資產(chǎn)覆蓋。

　　Monero官方網(wǎng)站被入侵：11月，Monero官方網(wǎng)站被黑客入侵，攻擊者提供惡意的Linux CLI二進(jìn)制文件，篡改了原二進(jìn)制文件，目的是從不知情的用戶那里竊取資金。

　　加密貨幣專家Virgil Griffith被捕：Ethereum項(xiàng)目成員和加密貨幣專家Virgil Griffith在朝鮮的一個(gè)技術(shù)會(huì)議上發(fā)表了關(guān)于如何使用區(qū)塊鏈規(guī)避制裁的演講后被捕。如果被判違反美國(guó)法律，他可能面臨長(zhǎng)達(dá)20年的牢獄之災(zāi)。

　　兩名黑客通過(guò) SIM 卡交換攻擊竊取 55 萬(wàn)美元加密貨幣：美國(guó)司法部指控兩名男子涉嫌進(jìn)行SIM卡交換攻擊，目的是從目標(biāo)對(duì)象手中竊取加密貨幣。據(jù)稱，在此次案件中，來(lái)自已知受害者的超過(guò)55萬(wàn)美元的加密貨幣被盜。

　　龐氏騙局PlusToken：據(jù)稱，PlusToken實(shí)施了一個(gè)退出騙局，帶走了29億美元的存款。目前，一些涉案人員已經(jīng)被逮捕。

　　DECEMBER：

　　Vertcoin： Vertcoin suffered a 51% attack in December 2018， and a year later， history repeated itself. This attack resulted in 603 blocks being removed from the VTC chain and replaced by 553 attacker blocks in order to perform double-spending.

　　12月：

　　黑客對(duì)Vertcoin區(qū)塊鏈發(fā)動(dòng)“51%攻擊”：2018年12月，Vertcoin遭受了“51%攻擊”，一年后，歷史重演。2019年12月，黑客再次對(duì)Vertcoin區(qū)塊鏈發(fā)動(dòng)進(jìn)攻，這次攻擊導(dǎo)致了603個(gè)區(qū)塊被從VTC鏈中移除，取而代之的是553個(gè)攻擊區(qū)塊，此舉旨在方便黑客執(zhí)行“雙花”。

　　注釋：

　　· 51%攻擊，一種術(shù)語(yǔ)，代表著攻擊者手中累積的算力已經(jīng)超過(guò)加密貨幣網(wǎng)絡(luò)中其他所有成員的總和，這意味著攻擊者將能控制貨幣產(chǎn)出。

　　· “雙花”，又名“雙重支付”，指的是同一個(gè)比特幣同時(shí)進(jìn)行了兩次支付，這是一種利用區(qū)塊確認(rèn)時(shí)間差的欺詐行為。（石煜倩）

?

　　注：《譯科技 | 比特幣遭受重創(chuàng)：2019年最嚴(yán)重的密碼災(zāi)難》來(lái)源于Zdnet網(wǎng)站（點(diǎn)擊查看原文）。本文系數(shù)據(jù)觀原創(chuàng)編譯，譯者數(shù)據(jù)觀/石煜倩，轉(zhuǎn)載請(qǐng)務(wù)必注明譯者和來(lái)源。

責(zé)任編輯：張薇